Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
21/01/2024, 14:52
240121-r8syqaeac7 1021/01/2024, 14:51
240121-r8k8waeac5 1001/01/2024, 13:55
240101-q776kscacp 10Analysis
-
max time kernel
144s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
21/01/2024, 14:51
General
-
Target
5474e75872eeb1e34cbe407c73409d4c65da7bd6aa9378b356bb3c12f316c506.exe
-
Size
263KB
-
MD5
111e7dd338f7a7db306c95e05797747f
-
SHA1
aff72034cbbc21693425306ad42b1bb182582743
-
SHA256
5474e75872eeb1e34cbe407c73409d4c65da7bd6aa9378b356bb3c12f316c506
-
SHA512
215ee93c5faf2af3a55cceed281b56aecb5990baf4ae508f02eb481c7c22081f05b73a2657279205ff5d4edfc63722ea1405a9e8cdf65939021c9f052ffb6fec
-
SSDEEP
6144:jeHgRe/IfHES0cVZrDjuNywKGOCWVoYkNMbU:jeHgM4HxZG1KGjWVoVO
Malware Config
Extracted
C:\Users\Admin\Downloads\How To Recover Encrypted Files.hta
class="mark">[email protected]</span>
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
UPX packed file 8 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops desktop.ini file(s) 25 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5474e75872eeb1e34cbe407c73409d4c65da7bd6aa9378b356bb3c12f316c506.exe"C:\Users\Admin\AppData\Local\Temp\5474e75872eeb1e34cbe407c73409d4c65da7bd6aa9378b356bb3c12f316c506.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"2⤵
- Executes dropped EXE
- Drops desktop.ini file(s)
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\mshta.exemshta.exe "javascript:o=new ActiveXObject('WScript.Shell');setInterval(function(){try{o.RegWrite('HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\Scanner','C:\\Users\\Admin\\AppData\\Roaming\\svchost.exe');}catch(e){}},10);"3⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 7363⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\mshta.exemshta.exe "javascript:o=new ActiveXObject('Scripting.FileSystemObject');setInterval(function(){try{o.DeleteFile('C:\\Users\\Admin\\AppData\\Local\\Temp\\5474E7~1.EXE');close()}catch(e){}},10);"2⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3448 -ip 34481⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD5ef5b5a4fa3e5b2ce779760a88ca144de
SHA14c21f98f2220b4052835e556226465206de175c8
SHA25682319145ec420d9aceb77e3e550211f05f62b48158cc2df4aa93a42c9acdf03f
SHA51292884343f40510783d6a0aa0d55bc6dc482503a5e69a8074683778f7694e91378e8af5f05a92c175ba4b82608c49cece016800a473c2e3422faed5ed842230ec
-
Filesize
263KB
MD5111e7dd338f7a7db306c95e05797747f
SHA1aff72034cbbc21693425306ad42b1bb182582743
SHA2565474e75872eeb1e34cbe407c73409d4c65da7bd6aa9378b356bb3c12f316c506
SHA512215ee93c5faf2af3a55cceed281b56aecb5990baf4ae508f02eb481c7c22081f05b73a2657279205ff5d4edfc63722ea1405a9e8cdf65939021c9f052ffb6fec
-
Filesize
212KB
MD54ea3600a6076c9f560fa71d57194d475
SHA18a2713b7088f84e952f3ed5ac3d131493decd19b
SHA256893beb4bb245976d5d9205ed4a158ce28aa35c66fc4762bcceacec8b69234de7
SHA5122915e5ea0f093394eff344c01a7d0156e58405aa4a890d2287264208c3942807e9ff318e10a445244c0414b4264fb40d14fdd780f542e09632848beee5b9fb99
-
Filesize
197KB
MD51d35ad5be1b7bac24bfc693c211a0d12
SHA1464f96db424f185cc5be88843e2e45ee3370f62c
SHA2564b1ee5f1eda9a2f814b32590e4bd502d159c9dd95bd5f581999a9472e286f1fa
SHA512e4fc6a7b2a11c2f07601ad2aa21a9e091cb33c5c59f37aa55f39bdec32421187db6c050af10b8f21470491d54532884172352ba3487fab856de824634a4f0f75
-
Filesize
5KB
MD5519740d698fb8ac242e5f9d8fb94594b
SHA1cf9be47b84ac3b3b6ad7073563e23504eb26a244
SHA256f27477e57e0ae6635369e4d326d22ac62a2112af25d356e1a16f3a0058fc6e05
SHA5123759eb3adb6f69a2b9960c782e38cc32bc69da3a287ff25a7f473d65ee8992e573eaffa56e09cc09d56c67b217f68a147f542db51afe26fcb80e8c53811889da
-
Filesize
81KB
MD5c4efe810131936e6582f3c900b9a1bb1
SHA1d283be5b1975544e9ddc45c75b660e98208d2514
SHA25671c7b2cdac2cf98e29ccfbd9533f28527adab5beddfb60610725f1549fdc9405
SHA51290f1474d0ec8823d4addab77d34d356e2a6d9107907add238e929416e7afa92617acb0ac4db85cef4044469e71d6a433fe040f7c1741ccd15ff760baf6123567
-
Filesize
480KB
-
Filesize
480KB
-
Filesize
480KB
-
Filesize
480KB
-
Filesize
480KB